Resetting the cluster configuration allows you to recover a cluster that has lost consensus. If the cluster regains consensus after connectivity is restored, the primary will return to Read-Write mode and password check and change will be re-enabled. However, if it does not regain consensus, the Appliance Administrator must perform a cluster reset to force-remove nodes from the cluster.
If you are concerned about network issues, reset the cluster with only the new primary appliance. Once the cluster reset operation is complete, enroll appliances one by one to create a new cluster.
Caution: Resetting a cluster should be your last resort. It is recommended that you restore from a backup rather than reset a cluster.
IMPORTANT: Only reset the cluster if you are certain that consensus has been lost; otherwise, you could introduce a split-brain scenario. (A split-brain scenario is where a cluster gets divided into smaller clusters. Each of these smaller clusters believes it is the only active cluster and may then access the same data, which could lead to data corruption.)
To reset a cluster
Click the Reset Cluster button.
The Reset Cluster dialog displays, listing the appliances (primary and replicas) in the cluster.
In the Reset Cluster dialog, select the nodes to be included in the reset operation and use the Set Primary button to designate the primary appliance in the cluster.
NOTE: Nodes must have an appliance state of Online or Online Read-only and be able to communicate to be included in the reset operation. If you select a node that is not online or not available, you will get an error and the reset operation will fail.
In the confirmation dialog, enter the words Reset Cluster and click OK.
When connected to the new primary appliance, the Configuring Safeguard for Privileged Passwords Appliance progress page displays, showing the steps being performed as part of the maintenance task to reset the cluster.
Once reset, the cluster only contains the appliances that were included in the reset operation.
As an Appliance Administrator, you can use the Factory Reset feature to reset a Safeguard for Privileged Passwords Appliance to recover from major problems or to clear the data and configuration settings on the appliance. A factory reset of a physical appliance may be initiated from the Appliance Information settings page in the desktop client, from the recovery kiosk, from the virtual appliance Support Kiosk, or using the API.
A Safeguard for Privileged Passwords virtual appliance is reset by following the recovery steps to redeploy it, not by a factory reset. For more information, see Virtual appliance backup and recovery.
Caution: Care should be taken when performing a factory reset against a physical appliance, because this operation removes all data and audit history, returning it to its original state when it first came from the factory. The appliance must go through configuration again as if it had just come from the factory. For more information, see Setting up Safeguard for Privileged Passwords for the first time. In addition, performing a factory reset may change the default SSL certificate and default SSH host key.
Performing a factory reset on a clustered hardware appliance will not automatically remove the appliance from a cluster. The recommended best practice is to unjoin an appliance from the cluster before performing a factory reset on the appliance. After the unjoin and factory reset, the appliance must be configured again. For more information, see Setting up Safeguard for Privileged Passwords for the first time.
To perform a factory reset from the desktop client
In the Factory Reset confirmation dialog, enter the words Factory Reset and click OK.
The appliance will go into Maintenance mode to revert the appliance. Once completed, you will be prompted to restart the desktop client. If the appliance had been in a cluster, you may need to unjoin the factory reset appliance. The factory reset appliance must be configured again. For more information, see Setting up Safeguard for Privileged Passwords for the first time. In addition, when you log into the appliance, you will be prompted to add your Safeguard for Privileged Passwords licenses.
To perform a factory reset from the recovery kiosk or support kiosk
At Get Challenge, press the Enter key.
Safeguard for Privileged Passwords produces a challenge.
Copy and paste the challenge and send it to One Identity Support.
In order to maintain consistency and stability, only one cluster operation can run at a time. To ensure this, Safeguard for Privileged Passwords locks the cluster while a cluster operation is running, such as enroll, unjoin, failover, patch, reset, and routine maintenance. The Cluster view shows that the cluster is locked and that any changes to the cluster configuration are not allowed until the operation completes. The banner that appears at the top of the screen explains the operation in progress, and a red lock icon next to an appliance indicates that the appliance is locking the cluster.
To unlock a locked cluster
In the Unlock Cluster confirmation dialog, enter Unlock Cluster and click OK.
This will release the cluster lock that was placed on all of the appliances in the cluster and terminate the operation.
IMPORTANT: Care should be taken when unlocking a locked cluster. It should only be used when you are sure that one or more appliances in the cluster are offline and will not finish the current operation. If you force the cluster unlock, you may cause instability on an appliance requiring a factory reset and possibly the need to rebuild the cluster. If you are unsure about the operation in progress, do NOT unlock the cluster. Most often, it will eventually time out and unlock on its own.
If there is a problem with a Safeguard for Privileged Passwords cluster, follow these guidelines:
Generate and collect support bundles for each appliance in the cluster and contact support. For more information, see Support Bundle.